formulae: use strict audit #913
Since we are already requesting `Homebrew/core` contributors to use `brew audit --strict` (it's in the checklist), I believe our test bot should do the same. This should help us, for instance, to notice the missing `test` block in Homebrew/homebrew-core#129122. Signed-off-by: Ruoyu Zhong <[email protected]>
This is basically the reason Maybe what test-bot should do is treat If there's anything in particular you think should be failing CI, maybe the particular audits you're thinking about could be promoted from strict audits to regular audits. This also has the benefit that it'll be covered in existing tap-wide audit checks to ensure we're not going to start failing hundreds of formulae. There's also non-core taps to consider for some strict audits. To use the test block example: many run external CI on binaries and don't use formula test blocks, so I reckon that particular audit should be scoped to Homebrew/core accordingly.
No, we've just removed "warnings" vs "errors" in
Agreed.
Also agreed.
As comments: passing on this, we shouldn't do this, sorry! We could consider having a `--strict` option here that could be applied with a label in specific PRs but the discussed solutions seem better than that.
OK, thanks @Bo98 @MikeMcQuaid -- let me revisit this later. Yes, we can probably scope the An alternative solution would be to add a
This is somewhat an existing issue. IMO we should have a better system that taps can opt-in to some core checks, but there's been strong disagreements to this before.
Some strict audits are intentionally non-errors for Homebrew/core too. An example is go_resource deprecation. Strict audits are enabled for new formulae, so it blocks anything new using it. But existing usages are largely unfixable without upstream adding what we want: a go.lock file. We don't want to remove formulae outright because of it, and they are naturally being deprecated over time for not being maintained upstream anyway - almost all have by this point. So I guess it's effective grandfathering for that stuff. All of the strict checks are in a way, for varying degrees of temporary timeframes.